Free Malware Removal Forum


Next

Please go to Virus Total <http://www.virustotal.com/> or Jotti and upload c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe for scanning.

For Virus Total

1. Please copy and paste c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe in the text box next to the Browse button.
2. Click on Send File.

For Jotti

1. Please copy and paste c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe in the text box next to the Browse button.
2. Click on Submit.

Please post back the results of the scan in your next post.

Next

COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

File fpupdatepl.exe received on 2009.07.20 23:17:44 (UTC)
Result: 1/41 (2.44%)



.((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 ))))))))))))))))))))))))))))))).

Note: Save your work. TFC will automatically close any open programs, so let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.

Click on Windows Offline Installation, click on the link under it which says "jre-6u14-windows-i586-p.exe" and save the downloaded file to your desktop.

Go to Start => Control Panel => Add or Remove Programs

Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)

Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.

Reboot your computer

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html

After installing the latest Adobe Reader, uninstall all previous versions.

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

None that I have come across all night. Seems like it's rebooting faster also.

Excellent

So if you are not having any further problems, I would suggest you proceed as follows.

MBAM and TFC are great tools for you to keep and use on a regular basis.

You can delete RSIT from your Desktop and its associated folder C:\RSIT

Remove Combofix

Click START then RUN

Now type Combofix /u in the runbox and click OK

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Now that the infection is gone, let's try to keep it that way by following the recommendations below.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialise and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security. These are not mandatory, just a recommendation.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
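The six Internet zone settings listed in the post above can be checked from the registry instead of clicking through the dialog. This is an added example, not part of the original post; it assumes PowerShell is available and that the settings are the per-user ones under HKCU (the function name `Test-InternetZone` is made up for this example).

```powershell
# Added example: audit the Internet zone (zone 3) against the six settings above.
# The URL action IDs and value codes are Internet Explorer's documented registry values.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Value codes used by the zone settings: 0 = Enable, 1 = Prompt, 3 = Disable
$policyNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                           Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                         Want = 3 }
    @{ Id = '1201'; Name = 'Initialise and script ActiveX controls not marked as safe';  Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                              Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                  Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';               Want = 1 }
)

function Test-InternetZone {
    # Hypothetical helper: reports each setting; with -Apply it also writes the recommended value.
    param([switch]$Apply)

    $current = Get-ItemProperty -Path $zoneKey -ErrorAction Stop
    foreach ($s in $recommended) {
        $have = $current.($s.Id)          # $null when the value is not set for this user
        if ($null -eq $have) {
            $haveText = 'not set'
        } elseif ($policyNames.ContainsKey([int]$have)) {
            $haveText = $policyNames[[int]$have]
        } else {
            $haveText = "unknown ($have)"
        }

        $ok = ($null -ne $have) -and ([int]$have -eq $s.Want)
        if (-not $ok -and $Apply) {
            Set-ItemProperty -Path $zoneKey -Name $s.Id -Value $s.Want -Type DWord
        }

        [pscustomobject]@{
            Setting     = $s.Name
            Current     = $haveText
            Recommended = $policyNames[$s.Want]
            Compliant   = $ok
        }
    }
}

# Report only; run "Test-InternetZone -Apply" to write the recommended values.
Test-InternetZone | Format-Table -AutoSize
```

Values enforced through Group Policy live under a separate Policies key and take precedence over the per-user values read here.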

Ok, I did everything you told me to and suggested. One question before we are done, I did the IE security things, but I don't use it that often. Are there any tips to help Firefox become more secure?

And thank you! I was actually having an internet connectivity problem before we did these things and now it seems to have gone away. I thought it was my ISP but it seems it may have been the malware or that trojan.

I am not a Firefox user so not the best person to ask on what particular settings to use. It is a relatively safe browser but the secret for staying secure is to stay away from P2P file sharing, be wary of what you download and keep that Antivirus updated.
